[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 6 09:12:24 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e313e415 by security tracker role at 2025-08-06T08:12:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,351 @@
+CVE-2025-8656 (Kenwood DMX958XR Protection Mechanism Failure Software Downgrade Vulne ...)
+	TODO: check
+CVE-2025-8655 (Kenwood DMX958XR libSystemLib Command injection Remote Code Execution  ...)
+	TODO: check
+CVE-2025-8654 (Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution  ...)
+	TODO: check
+CVE-2025-8653 (Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Cod ...)
+	TODO: check
+CVE-2025-8652 (Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution ...)
+	TODO: check
+CVE-2025-8651 (Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution ...)
+	TODO: check
+CVE-2025-8650 (Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution  ...)
+	TODO: check
+CVE-2025-8649 (Kenwood DMX958XR JKWifiService Command Injection Remote Code Execution ...)
+	TODO: check
+CVE-2025-8648 (Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This ...)
+	TODO: check
+CVE-2025-8647 (Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This ...)
+	TODO: check
+CVE-2025-8646 (Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This ...)
+	TODO: check
+CVE-2025-8645 (Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This ...)
+	TODO: check
+CVE-2025-8644 (Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This ...)
+	TODO: check
+CVE-2025-8643 (Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This ...)
+	TODO: check
+CVE-2025-8642 (Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This ...)
+	TODO: check
+CVE-2025-8641 (Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This ...)
+	TODO: check
+CVE-2025-8640 (Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This ...)
+	TODO: check
+CVE-2025-8639 (Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This ...)
+	TODO: check
+CVE-2025-8638 (Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This ...)
+	TODO: check
+CVE-2025-8637 (Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This ...)
+	TODO: check
+CVE-2025-8636 (Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This ...)
+	TODO: check
+CVE-2025-8635 (Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This ...)
+	TODO: check
+CVE-2025-8634 (Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This ...)
+	TODO: check
+CVE-2025-8633 (Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This ...)
+	TODO: check
+CVE-2025-8632 (Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This ...)
+	TODO: check
+CVE-2025-8631 (Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This ...)
+	TODO: check
+CVE-2025-8630 (Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This ...)
+	TODO: check
+CVE-2025-8629 (Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This ...)
+	TODO: check
+CVE-2025-8628 (Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This ...)
+	TODO: check
+CVE-2025-8595 (The Zakra theme for WordPress is vulnerable to unauthorized data modif ...)
+	TODO: check
+CVE-2025-8573 (Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS fro ...)
+	TODO: check
+CVE-2025-8571 (Concrete CMS 9 to 9.4.2 and versions below 8.5.21 are vulnerable to Re ...)
+	TODO: check
+CVE-2025-8420 (The Request a Quote Form plugin for WordPress is vulnerable to Remote  ...)
+	TODO: check
+CVE-2025-8100 (The Element Pack Elementor Addons and Templates plugin for WordPress i ...)
+	TODO: check
+CVE-2025-7954 (A race condition vulnerability has been identified in Shopware's vouch ...)
+	TODO: check
+CVE-2025-7727 (The Gutenverse plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2025-7502 (The WPBakery Page Builder for WordPress plugin for WordPress is vulner ...)
+	TODO: check
+CVE-2025-7498 (The Exclusive Addons for Elementor plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2025-7399 (The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scr ...)
+	TODO: check
+CVE-2025-7376 (Windows Shortcut Following (.LNK) vulnerability in multiple processes  ...)
+	TODO: check
+CVE-2025-7036 (The CleverReach\xae WP plugin for WordPress is vulnerable to time-base ...)
+	TODO: check
+CVE-2025-6994 (The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable ...)
+	TODO: check
+CVE-2025-6986 (The FileBird \u2013 WordPress Media Library Folders & File Manager plu ...)
+	TODO: check
+CVE-2025-6690 (The WP Tournament Registration plugin for WordPress is vulnerable to S ...)
+	TODO: check
+CVE-2025-6259 (The esri-map-view plugin for WordPress is vulnerable to Stored Cross-S ...)
+	TODO: check
+CVE-2025-6256 (The Flex Guten plugin for WordPress is vulnerable to Stored Cross-Site ...)
+	TODO: check
+CVE-2025-55027
+	REJECTED
+CVE-2025-55026
+	REJECTED
+CVE-2025-55025
+	REJECTED
+CVE-2025-55024
+	REJECTED
+CVE-2025-55023
+	REJECTED
+CVE-2025-55022
+	REJECTED
+CVE-2025-55021
+	REJECTED
+CVE-2025-55020
+	REJECTED
+CVE-2025-55019
+	REJECTED
+CVE-2025-54884 (Vision UI is a collection of enterprise-grade, dependency-free modules ...)
+	TODO: check
+CVE-2025-54883 (Vision UI is a collection of enterprise-grade, dependency-free modules ...)
+	TODO: check
+CVE-2025-54879 (Mastodon is a free, open-source social network server based on Activit ...)
+	TODO: check
+CVE-2025-54876 (The Janssen Project is an open-source identity and access management ( ...)
+	TODO: check
+CVE-2025-54873 (RISC Zero is a zero-knowledge verifiable general computing platform ba ...)
+	TODO: check
+CVE-2025-54872 (onion-site-template is a complete, scalable tor hidden service self-ho ...)
+	TODO: check
+CVE-2025-54869 (FPDI is a collection of PHP classes that facilitate reading pages from ...)
+	TODO: check
+CVE-2025-54801 (Fiber is an Express inspired web framework written in Go. In versions  ...)
+	TODO: check
+CVE-2025-54655 (Race condition vulnerability in the virtualization base module. Succes ...)
+	TODO: check
+CVE-2025-54653 (Path traversal vulnerability in the virtualization file module. Succes ...)
+	TODO: check
+CVE-2025-54652 (Path traversal vulnerability in the virtualization base module. Succes ...)
+	TODO: check
+CVE-2025-54651 (Race condition vulnerability in the kernel hufs module. Impact: Succes ...)
+	TODO: check
+CVE-2025-54650 (Improper array index verification vulnerability in the audio codec mod ...)
+	TODO: check
+CVE-2025-54649 (Vulnerability of using incompatible types to access resources in the l ...)
+	TODO: check
+CVE-2025-54648 (Out-of-bounds read vulnerability in the SSAP module of the NearLink pr ...)
+	TODO: check
+CVE-2025-54647 (Out-of-bounds read vulnerability in the SSAP module of the NearLink pr ...)
+	TODO: check
+CVE-2025-54646 (Vulnerability of inadequate packet length check in the BLE module. Imp ...)
+	TODO: check
+CVE-2025-54645 (Out-of-bounds array access issue due to insufficient data verification ...)
+	TODO: check
+CVE-2025-54644 (Out-of-bounds array access issue due to insufficient data verification ...)
+	TODO: check
+CVE-2025-54643 (Out-of-bounds array access issue due to insufficient data verification ...)
+	TODO: check
+CVE-2025-54642 (Issue of buffer overflow caused by insufficient data verification in t ...)
+	TODO: check
+CVE-2025-54641 (Issue of buffer overflow caused by insufficient data verification in t ...)
+	TODO: check
+CVE-2025-54640 (ParcelMismatch vulnerability in attribute deserialization. Impact: Suc ...)
+	TODO: check
+CVE-2025-54639 (ParcelMismatch vulnerability in attribute deserialization. Impact: Suc ...)
+	TODO: check
+CVE-2025-54638 (Issue of inconsistent read/write serialization in the ad module. Impac ...)
+	TODO: check
+CVE-2025-54637 (Out-of-bounds array access issue due to insufficient data verification ...)
+	TODO: check
+CVE-2025-54636 (Issue of buffer overflow caused by insufficient data verification in t ...)
+	TODO: check
+CVE-2025-54635 (Vulnerability of returning released pointers in the distributed notifi ...)
+	TODO: check
+CVE-2025-54634 (Vulnerability of improper processing of abnormal conditions in huge pa ...)
+	TODO: check
+CVE-2025-54633 (Out-of-bounds read vulnerability in the register configuration of the  ...)
+	TODO: check
+CVE-2025-54632 (Vulnerability of insufficient data length verification in the HVB modu ...)
+	TODO: check
+CVE-2025-54631 (Vulnerability of insufficient data length verification in the partitio ...)
+	TODO: check
+CVE-2025-54630 (:Vulnerability of insufficient data length verification in the DFA mod ...)
+	TODO: check
+CVE-2025-54629 (Race condition issue occurring in the physical page import process of  ...)
+	TODO: check
+CVE-2025-54628 (Vulnerability of incomplete verification information in the communicat ...)
+	TODO: check
+CVE-2025-54627 (Out-of-bounds write vulnerability in the skia module. Impact: Successf ...)
+	TODO: check
+CVE-2025-54626 (Pointer dangling vulnerability in the cjwindow module. Impact: Success ...)
+	TODO: check
+CVE-2025-54625 (Race condition vulnerability in the kernel file system module. Impact: ...)
+	TODO: check
+CVE-2025-54624 (Unexpected injection event vulnerability in the multimodalinput module ...)
+	TODO: check
+CVE-2025-54623 (Out-of-bounds read vulnerability in the devicemanager module. Impact:  ...)
+	TODO: check
+CVE-2025-54622 (Binding authentication bypass vulnerability in the devicemanager modul ...)
+	TODO: check
+CVE-2025-54621 (Iterator failure issue in the WantAgent module. Impact: Successful exp ...)
+	TODO: check
+CVE-2025-54620 (Deserialization vulnerability of untrusted data in the ability module. ...)
+	TODO: check
+CVE-2025-54619 (Iterator failure issue in the multi-mode input module. Impact: Success ...)
+	TODO: check
+CVE-2025-54618 (Permission control vulnerability in the distributed clipboard module.  ...)
+	TODO: check
+CVE-2025-54617 (Stack-based buffer overflow vulnerability in the dms_fwk module. Impac ...)
+	TODO: check
+CVE-2025-54616 (Out-of-bounds array access vulnerability in the ArkUI framework. Impac ...)
+	TODO: check
+CVE-2025-54615 (Vulnerability of insufficient information protection in the media libr ...)
+	TODO: check
+CVE-2025-54614 (Input verification vulnerability in the home screen module. Impact: Su ...)
+	TODO: check
+CVE-2025-54613 (Iterator failure vulnerability in the card management module. Impact:  ...)
+	TODO: check
+CVE-2025-54612 (Iterator failure vulnerability in the card management module. Impact:  ...)
+	TODO: check
+CVE-2025-54611 (EXTRA_REFERRER resource read vulnerability in the Gallery module. Impa ...)
+	TODO: check
+CVE-2025-54610 (Out-of-bounds access vulnerability in the audio codec module. Impact:  ...)
+	TODO: check
+CVE-2025-54609 (Out-of-bounds access vulnerability in the audio codec module. Impact:  ...)
+	TODO: check
+CVE-2025-54608 (Vulnerability that allows setting screen rotation direction without pe ...)
+	TODO: check
+CVE-2025-54607 (Authentication management vulnerability in the ArkWeb module. Impact:  ...)
+	TODO: check
+CVE-2025-54606 (Status verification vulnerability in the lock screen module. Impact: S ...)
+	TODO: check
+CVE-2025-54594 (react-native-bottom-tabs is a library of Native Bottom Tabs for React  ...)
+	TODO: check
+CVE-2025-54571 (ModSecurity is an open source, cross platform web application firewall ...)
+	TODO: check
+CVE-2025-54125 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2025-54124 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2025-53534 (RatPanel is a server operation and maintenance management panel. In ve ...)
+	TODO: check
+CVE-2025-52237 (An issue in the component /stl/actions/download?filePath of SSCMS v7.3 ...)
+	TODO: check
+CVE-2025-47324 (Information disclosure while accessing and modifying the PIB file of a ...)
+	TODO: check
+CVE-2025-32430 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+	TODO: check
+CVE-2025-27076 (Memory corruption while processing simultaneous requests via escape pa ...)
+	TODO: check
+CVE-2025-27075 (Memory corruption while processing IOCTL command with larger buffer in ...)
+	TODO: check
+CVE-2025-27073 (Transient DOS while creating NDP instance.)
+	TODO: check
+CVE-2025-27072 (Information disclosure while processing a packet at EAVB BE side with  ...)
+	TODO: check
+CVE-2025-27071 (Memory corruption while processing specific files in Powerline Communi ...)
+	TODO: check
+CVE-2025-27069 (Memory corruption while processing DDI command calls.)
+	TODO: check
+CVE-2025-27068 (Memory corruption while processing an IOCTL command with an arbitrary  ...)
+	TODO: check
+CVE-2025-27067 (Memory corruption while processing DDI call with invalid buffer.)
+	TODO: check
+CVE-2025-27066 (Transient DOS while processing an ANQP message.)
+	TODO: check
+CVE-2025-27065 (Transient DOS while processing a frame with malformed shared-key descr ...)
+	TODO: check
+CVE-2025-27062 (Memory corruption while handling client exceptions, allowing unauthori ...)
+	TODO: check
+CVE-2025-21477 (Transient DOS while processing CCCH data when NW sends data with inval ...)
+	TODO: check
+CVE-2025-21474 (Memory corruption while processing commands from A2dp sink command que ...)
+	TODO: check
+CVE-2025-21473 (Memory corruption when using Virtual cdm (Camera Data Mover) to write  ...)
+	TODO: check
+CVE-2025-21472 (Information disclosure while capturing logs as eSE debug messages are  ...)
+	TODO: check
+CVE-2025-21465 (Information disclosure while processing the hash segment in an MBN fil ...)
+	TODO: check
+CVE-2025-21464 (Information disclosure while reading data from an image using specifie ...)
+	TODO: check
+CVE-2025-21461 (Memory corruption when programming registers through virtual CDM.)
+	TODO: check
+CVE-2025-21458 (Memory corruption when IOCTL interface is called to map and unmap buff ...)
+	TODO: check
+CVE-2025-21457 (Information disclosure while opening a fastrpc session when domain is  ...)
+	TODO: check
+CVE-2025-21456 (Memory corruption while processing IOCTL command when multiple threads ...)
+	TODO: check
+CVE-2025-21455 (Memory corruption while submitting blob data to kernel space though IO ...)
+	TODO: check
+CVE-2025-21452 (Transient DOS while processing a random-access response (RAR) with an  ...)
+	TODO: check
+CVE-2025-21024 (Use of Implicit Intent for Sensitive Communication in Smart View prior ...)
+	TODO: check
+CVE-2025-21023 (Improper access control in WcsExtension for Galaxy Watch prior to Andr ...)
+	TODO: check
+CVE-2025-21022 (Improper access control in Galaxy Wearable prior to version 2.2.63.250 ...)
+	TODO: check
+CVE-2025-21021 (Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to  ...)
+	TODO: check
+CVE-2025-21020 (Out-of-bounds write in creating bitmap images in Blockchain Keystore p ...)
+	TODO: check
+CVE-2025-21019 (Improper authorization in Samsung Health prior to version 6.30.1.003 a ...)
+	TODO: check
+CVE-2025-21018 (Out-of-bounds read in Blockchain Keystore prior to version 1.3.17.2 al ...)
+	TODO: check
+CVE-2025-21017 (Out-of-bounds write in detaching crypto box in Blockchain Keystore pri ...)
+	TODO: check
+CVE-2025-21016 (Improper access control in PkgPredictorService prior to SMR Aug-2025 R ...)
+	TODO: check
+CVE-2025-21015 (Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 all ...)
+	TODO: check
+CVE-2025-21014 (Improper export of android application component in Emergency SoS prio ...)
+	TODO: check
+CVE-2025-21013 (Improper access control in SemSensorManager for Galaxy Watch prior to  ...)
+	TODO: check
+CVE-2025-21012 (Improper access control in fall detection for Galaxy Watch prior to SM ...)
+	TODO: check
+CVE-2025-21011 (Improper access control in SemSensorService for Galaxy Watch prior to  ...)
+	TODO: check
+CVE-2025-21010 (Improper privilege management in SamsungAccount prior to SMR Aug-2025  ...)
+	TODO: check
+CVE-2025-20990 (Improper access control in accessing system device node prior to SMR A ...)
+	TODO: check
+CVE-2013-10070 (PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/ ...)
+	TODO: check
+CVE-2013-10067 (Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbit ...)
+	TODO: check
+CVE-2013-10066 (An unauthenticated arbitrary file upload vulnerability exists inKordil ...)
+	TODO: check
+CVE-2013-10065 (A denial-of-service vulnerability exists inSysax Multi-Server version  ...)
+	TODO: check
+CVE-2012-10035 (Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overf ...)
+	TODO: check
+CVE-2012-10033 (Narcissus is vulnerable to remote code execution via improper input ha ...)
+	TODO: check
+CVE-2012-10032 (Maxthon3 versions prior to 3.3 are vulnerable to cross context scripti ...)
+	TODO: check
+CVE-2012-10030 (FreeFloat FTP Server contains multiple critical design flaws that allo ...)
+	TODO: check
+CVE-2012-10029 (Nagios XI Network Monitor prior to Graph Explorer component version 1. ...)
+	TODO: check
+CVE-2012-10028 (Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its ...)
+	TODO: check
+CVE-2012-10027 (WP-Property plugin for WordPress through version 1.35.0 contains an un ...)
+	TODO: check
+CVE-2012-10026 (The WordPress plugin Asset-Manager version 2.0 and below contains an u ...)
+	TODO: check
+CVE-2012-10025 (The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and be ...)
+	TODO: check
+CVE-2012-10024 (XBMC version 11, including builds up to the 2012-11-04 nightly release ...)
+	TODO: check
+CVE-2012-10023 (A stack-based buffer overflow vulnerability exists in FreeFloat FTP Se ...)
+	TODO: check
 CVE-2025-8556
 	- golang-github-cloudflare-circl 1.6.1-1
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2371624
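Review bot: several of the added summary lines carry text damage that will break product-name searches during triage: CVE-2025-7036 and CVE-2025-6986 contain literal escape sequences ("CleverReach\xae", "FileBird \u2013") instead of the characters, CVE-2025-54630 opens with a stray colon ("(:Vulnerability of insufficient ..."), and CVE-2013-10066 and CVE-2013-10065 have run-together words ("exists inKordil", "exists inSysax"). If these are copied verbatim from the upstream feed, decode the escapes at import and leave the rest to be corrected upstream. Separately, every described entry lands as "TODO: check"; the contiguous Kenwood DMX958XR block (CVE-2025-8628 through CVE-2025-8656) names a single product and can be classified in one pass rather than entry by entry.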
@@ -23308,7 +23656,7 @@ CVE-2025-1138 (IBM InfoSphere Information Server 11.7 could disclose sensitive i
 	NOT-FOR-US: IBM
 CVE-2025-1033 (The Badgearoo WordPress plugin through 1.0.14 does not sanitise and es ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2025-0921 (Execution with Unnecessary Privileges vulnerability in the Pager agent ...)
+CVE-2025-0921 (Execution with Unnecessary Privileges vulnerability in multiple servic ...)
 	NOT-FOR-US: Mitsubishi
 CVE-2025-0688 (The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress p ...)
 	NOT-FOR-US: WordPress plugin
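Review bot: on the CVE-2025-0921 line the summary widens from "in the Pager agent ..." to "in multiple servic ...", while the classification under it stays "NOT-FOR-US: Mitsubishi". The visible text is truncated, so check the full description to confirm that the broadened scope still covers only Mitsubishi products before keeping the classification unchanged.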



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e313e41588a68071caf937b40687528c0de762f3
